DEV Community: Tejaswa Hinduja

Solana Token Launchpad (with metadata) -2

Tejaswa Hinduja — Fri, 06 Mar 2026 15:26:50 +0000

I hope you are coming from the previous blog
So we created tokens using the token-22 program which supports extensions (Metadata Pointer Extension) stored directly in the mint account.

Token-2022 can store basic metadata on-chain:-name,symbol,uri,etc.
The uri is a link to off-chain metadata json
{
"name": "My Token",
"symbol": "MT",
"description": "Example token",
"image": "arweave://...",
"attributes": [...]
}
There are a few ways to store this json, the easiest i found is through irys(arweave).Lets get started with that, install these first @irys/web-upload-solana , @irys/web-upload
Lets first set up the a irys uploader

and fund the irys account so that they give us some storage to upload our data

Now do you remember in the last blog we built a form for the user to enter some metadata for the token, now we need to upload that metadata and convert it into a metaplex std json

What this function does is it takes the input from the form and converts it into a json(metaplex std) and then gives it to irys which then returns a uri.
Now we store this uri in our metadata object and use it while creating the mint account
createInitializeInstruction({ programId: TOKEN_2022_PROGRAM_ID, mint: mintKeypair.publicKey, metadata: mintKeypair.publicKey, name: metadata.name, symbol: metadata.symbol, uri: metadata.uri, mintAuthority: wallet.publicKey, updateAuthority: wallet.publicKey, }),
And we are done, few things i would like to add, I am storing only the json ideally you want to store everything on areweave or ipfs including the image.
Also how do wallets discover the metadata and show token image:-
When a wallet detects a token in your account, it first reads the mint account from the token program From this it learns about mint address,extensions and some other stuff.If the mint uses the TokenMetadata extension, the wallet reads:name,symbol,uri.

If you found the blog helpful give it a like and follow, also connect on socials:-
Twitter:-https://x.com/Tej_Codes
LinkedIn:-https://linkedin.com/in/TejaswaHinduja

How to build a solana token launchpad (with metadata)

Tejaswa Hinduja — Tue, 10 Feb 2026 12:25:23 +0000

This blog is relevant for anybody who is just getting started in web3 just like me and is wondering what is all this token stuff.
First just install all the dependencies, I am using nextjs,typescript,yarn(npm wasnt working idk why)
@solana/spl-token","@solana/spl-token-metadata","@solana/wallet-adapter-base","@solana/wallet-adapter-react","@solana/wallet-adapter-react-ui","@solana/wallet-adapter-wallets","@solana/web3.js"
So we are building a solana token launchpad using the token22 program.
To make tokens first we need a mint account,
We need few things to make a Mint account:-

A keypair
The user's public key
Rent value
space
programId(which is token22)

Now lets get to the token creation part,Obviously the token needs to have a name and a symbol and some other metadata so lets get that sorted.
Create a form

and find the space,rent which would be required

Next step is to add the instructions for setting up the metadata and the mint

Now we need to add the users public key to the transaction and also the recent blockhash(unlike eth where programs can get verfied after a few days, in solana it doesnt work like that) and we partially sign the transaction since we do not have the users private key and only have the mint account keypair, the wallet then asks the user to sign the transaction.

and then finally wrap the function inside the wallet provider,
Most of the things are done in the next blog ill share about how to store the metadata.
and Obviously I am talking about devnet here and not real prod

If you liked the blog
Connect on socials:-
Twitter:-https://x.com/Tej_Codes
LinkedIn:-https://linkedin.com/in/TejaswaHinduja

What is CORS?

Tejaswa Hinduja — Tue, 20 Jan 2026 15:38:08 +0000

So while building full stack projects , I came across this annoying thing called cors, whenever I tried to send a request from my frontend to the backend it never went through and it was pretty frustrating.So here's my attempt to explain it to someone who is just starting out building projects.

In almost all of the full stack projects you would come across there are two things interacting with each other,the client and the server,For example

Now lets say you have two tabs open in a browser,
1.tejaswahinduja.me
2.Instagram.com
both of the sites would have their own servers
and you are logged into instagram and you now visit tejaswahinduja.me,Lets say I have added some js code on my client side like fetch(instagram/user/inbox/chats) this will send a request to the instagram's server and since you are already logged in your cookies exist, through which the instagram's server can validate that you are logged in and it would return the response,You can now figure out whats wrong here right, tejaswahinduja.me shouldn't be able to access your insta account.To prevent this,The same-origin-policy is a critical security mechanism that restricts how a script loaded from a origin interact with other origins.But now you cannot interact with your frontend and backend since they are two different origins.
**Now how does CORS(cross origin resource sharing) helps in solving this?
First lets see ,What is a origin?A origin is nothing but a tuple of:-scheme(http/https)+host+port for eg:https://tejaswahinduja.me and https://www.tejaswahinduja.me are two different origins.
CORS is an HTTP-header based mechanism that allows a server to indicate any origins other than its own from which a browser should permit loading resources.In short the backend can decide which client to trust and who not to.How this works it lets the server decide which origins to permit, check the below image.

The server sends a Access-Control-Allow-Origin in the response headers which tells the broswer if the client is allowed or not.By default the cookies are not sent to the server so credentials:include is used to send the cookies to the server.
Well this works perfectly fine when making standard http requests like get and post.
But if the client makes a non-standard http requests like put,delete,etc the browser then first sends a "preflight" request which just checks if the origin is allowed or not.If the origin is not allowed then a CORS error occurs.
That’s CORS in action strict, sometimes frustrating, but essential for web security.

If you liked the blog, lets connect
Twitter:https://x.com/Tej_Codes
Linkedin:https://www.linkedin.com/in/tejaswa-hinduja-b585b6323/
Github:https://github.com/TejaswaHinduja

Sources:-
https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS
https://www.youtube.com/watch?v=WWnR4xptSRk

JWT Authentication in typescript,express

Tejaswa Hinduja — Sat, 22 Nov 2025 08:23:22 +0000

Assuming you have express and typescript setup , Lets get right into it

Step1:- To protect a route we need to first create a token when a user logs in and then verify it when the user tries to reach a protected route.So lets create a function to generate tokens

How this function works:-
The jwt.sign() function takes in 3 parameters as input:-

payload(in our case it is the Id):-payload is the data which we want to imbed in our token
secret:-This is a private key which we will define
{options}:-There are various optional functionalities we can add such as an expiry timing for the token, the issuer, audience ,etc.

This will create a token for us,Now we need to store this token somewhere so that whenever the user tries to reach a protected route they also send us the token which we can verify.
The best way to store the token is to store it in the cookies.

The res.cookie() function takes in 3 parameters:-
-name:- this is the name of the cookie , eg “jwt”,
-value:-token in our case is the value
-{options}:- other features like how long should the cookie last , security settings

Step2:-Now lets create a middleware to protect our routes

So we get our jwt token from the cookies and then verify it using jwt.verify() function,
the verify() function takes in two arguments
-our token
-the secret which we defined
So what the verify() function does is takes the header and payload from the token and recreates the signature using our secret and then compares it to the signature inside our token.
Here is a sample usage of this auth flow in a signup endpoint

Once all the checks are done, then gentoken() function creates the token.

Connect:-
x.com/Tej_Codes
github.com/TejaswaHinduja